diff options
-rw-r--r-- | challenge/c17.go | 13 | ||||
-rw-r--r-- | lib/oracle.go | 14 |
2 files changed, 14 insertions, 13 deletions
diff --git a/challenge/c17.go b/challenge/c17.go index 45c53bd..78c949c 100644 --- a/challenge/c17.go +++ b/challenge/c17.go @@ -11,6 +11,10 @@ import ( // Cryptopals #17 - CBC padding oracle attack func C17() { + key, err := lib.RandomKey(16) + if err != nil { + fmt.Printf("key generation: error: %v\n", err) + } cookies := []string{ "MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=", "MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=", @@ -26,14 +30,17 @@ func C17() { encrypt := func() ([]byte, []byte) { r := lib.RandomInt(0, int64(len(cookies)-1)) p := lib.Base64ToBytes(cookies[r]) - k := lib.OracleKey - iv := lib.OracleIV + k := key + iv, err := lib.RandomKey(16) + if err != nil { + fmt.Printf("iv generation: error: %v\n", err) + } c := lib.AESEncryptCBC(p, k, iv) return c, iv } decrypt := func(c, iv []byte) bool { - k := lib.OracleKey + k := key _, err := lib.AESDecryptCBC(c, k, iv) if err != nil { return false diff --git a/lib/oracle.go b/lib/oracle.go index 8c7a52b..e2ee5fe 100644 --- a/lib/oracle.go +++ b/lib/oracle.go @@ -8,19 +8,13 @@ aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg YnkK` -var OracleKey []byte -var OracleIV []byte +var oracleKey []byte var oracleRandom []byte func init() { var err error - OracleKey, err = RandomKey(16) - if err != nil { - panic(err) - } - - OracleIV, err = RandomKey(16) + oracleKey, err = RandomKey(16) if err != nil { panic(err) } @@ -64,11 +58,11 @@ func OracleAESRandomEncrypt(in []byte) []byte { } func OracleAESEncryptECB(in []byte) []byte { - return AESEncryptECB(append(in, Base64ToBytes(oracleUnknown)...), OracleKey) + return AESEncryptECB(append(in, Base64ToBytes(oracleUnknown)...), oracleKey) } func OracleAESVarEncryptECB(in []byte) []byte { in = append(oracleRandom, in...) in = append(in, Base64ToBytes(oracleUnknown)...) - return AESEncryptECB(in, OracleKey) + return AESEncryptECB(in, oracleKey) } |